If there is a response from _any_ port on a computer then I don't rat's thingummyjig what you want to call any other port, STEALTH, is a stupid term... It actually gives me information you don't want me to know...

"Stealth" is a BS term to make you feel warm and fuzzy about the fact that I can't reach that port on your computer.... But, guess what???? The fact that it is "stealth" tells me you are dropping my packets, because the _proper_ response to a SYN packet to a closed port is an RST... Don't send me the RST and I know what your firewall's rules are - well... I know some of them... So you are giving me information... If the firewall responded with an RST to every port you don't want open through it then I could tell nothing other than there is a computer there and it has some ports open... I wouldn't know about your firewall... which I could possibly fingerprint and find an exploit for...

You're a tad off there... Your "open" ports aren't "open". They were allowed connections that started from the inside that the firewall rules allowed... They started _from_ the inside with a SYN... so the firewall allowed it... even while you have an active connection to a remote machine on port xxxx, the firewall will (if the rules say so) block an incoming SYN to the same port - despite the fact that an outbound connected port isn't supplying a service and would still send an RST even if the firewall weren't there... Connections aren't "open" ports... Open ports are those that supply a service such as HTTP, SMTP, FTP etc...
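An added example, not from the thread: a simplified Python model of a stateful filter, showing the two points in the post above. A local port with an active outbound connection is still not open to a new inbound SYN, and a drop policy answers with silence where a reject policy answers with the RST a closed port would send. Addresses, port numbers and all class and function names are constructed for illustration.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: str  # "SYN", "SYN/ACK", "ACK"

@dataclass
class StatefulFirewall:
    inside: str                                   # protected host (constructed address)
    services: set = field(default_factory=set)    # ports that really offer a service
    policy: str = "drop"                          # "drop" = silence, "reject" = answer RST
    table: set = field(default_factory=set)       # (local port, remote addr, remote port)

    def outbound(self, p: Packet) -> None:
        """A SYN leaving the inside host creates connection state."""
        if p.flags == "SYN":
            self.table.add((p.sport, p.dst, p.dport))

    def inbound(self, p: Packet):
        """Return what the outside sender observes (None means no reply at all)."""
        if p.flags != "SYN" and (p.dport, p.src, p.sport) in self.table:
            return "delivered"        # reply on a connection started from inside
        if p.flags == "SYN" and p.dport in self.services:
            return "SYN/ACK"          # an open port: a service is listening
        return "RST" if self.policy == "reject" else None

def observed(fw, ports, prober="198.51.100.7"):
    """What a remote SYN to each port looks like from outside."""
    return {port: fw.inbound(Packet(prober, 40000, fw.inside, port, "SYN")) for port in ports}

def demo(policy):
    fw = StatefulFirewall("192.0.2.10", services={80}, policy=policy)
    # Inside host opens an outbound connection from local port 51515.
    fw.outbound(Packet("192.0.2.10", 51515, "203.0.113.5", 443, "SYN"))
    reply = fw.inbound(Packet("203.0.113.5", 443, "192.0.2.10", 51515, "SYN/ACK"))
    return reply, observed(fw, [80, 81, 51515])

if __name__ == "__main__":
    for policy in ("drop", "reject"):
        print(policy, demo(policy))
```

Under "drop", ports 81 and 51515 give no reply, which a host with merely closed ports would not do; under "reject" they give the same RST a closed port gives.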

February 17th, 2006, 12:10 AM

Relyt

True, mine was an incomplete/incorrect response. I was thinking more of fooling the firewall, thanks for cleaning it up.

Maintaining the logs and the continued logging of every download, page visited, time spent there, email in & out on all the clients that the ISP has, could result in an unreasonable burden. Should they be expected to retain it all for any serious length of time and of course where would they stow it? That gets expensive. They may backup email because of the potential future need, but the rest? I would guess, if the local cop shop has a specific interest, they may approach the ISP and have him retain those logs for review.

We have several folks here in that occupation so hopefully they’ll jump in and address any legal requirements.